Thursday, 15 November 2012

free download ebook Ethical Hacking (EC-Council Exam 312-50): Student Courseware

 



 
EC-Council E-Business Certification Series

Copyright © by EC-Council


Developer - Thomas Mathew

Publisher - OSB Publisher


ISBN No - 0972936211


 
By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide provides the tools necessary for approaching computers with the skill and understanding of an outside hacker.




Introduction

This module attempts to bridge various aspects of ethical hacking by suggesting an approach for undertaking penetration testing. There are different ways of approaching a penetration test.



  • External Approach



    • With some prior knowledge


    • Without prior knowledge




  • Internal Approach



    • With some prior knowledge


    • With deep knowledge




Whatever the approach adopted, it is a fact that penetration testing is constrained by time and availability of resources, which varies from client to client. To effectively utilize both these telling factors, penetration testers adopt some form of structure or methodology. These can be checklists developed by consulting practices, widely available resources such as Open Source Security Testing Methodology or a customized attack strategy.

There are is no single set of methodology that can be adopted across client organizations. The skeletal frame of testing however is more or less similar. The terms of reference used for various phases may differ, but the essence is the same. As discussed in preceding modules, the test begins with:



  • Footprinting / Information Gathering phase


  • Discovery and Planning / Information Analysis phase


  • Detecting a vulnerability / security loophole


  • Attack / Penetration / Compromise


  • Analysis of security posture / Cover up / Report


  • Clean up


The general objective of a penetration test is to reveal where security fails. The result of a penetration test can be:



  • successful attack - when the objective is met within the scope of the attack


  • a partial success - when there has been a compromise, but not enough to achieve the objective


  • a failure - when the systems have been found to be robust to the attack methodology adopted


Foot printing / Information Gathering phase:



  • Client site intelligence


  • Infrastructure fingerprinting


  • Network discovery and Access point discovery


Discovery and Planning / Information Analysis phase



  • Target Identification


  • Resource and Effort Estimation


  • Modeling the Attack strategy (s)


  • Relationship Analysis


Detecting a vulnerability / security loophole



  • Vulnerability Analysis


  • Scanning


  • Enumeration


  • Zeroing the target


Attack / Penetration / Compromise



  • Exploring viable exploits (new / created / present)


  • Executing the attack / Alternate attack strategy


  • Target penetration


  • Escalating the attack


Analysis of security posture / Cover up / Report



  • Consolidation of attack information


  • Analysis and recommendations


  • Presentation and deliverables


Clean up



  • Clean up tasks and procedures


  • Restoring security posture


Download Here:
http://www.ziddu.com/download/13121682/Ethical_Hacking_and_Countermeasures_EC_Council_Exam_312_50_.rar.html

4 comments:

  1. ... [Trackback]...

    [...] Read More Infos here: thehackingtricks.wordpress.com/2012/11/15/free-download-ebook-ethical-hacking-ec-council-exam-312-50-student-courseware/ [...]...

    ReplyDelete
  2. Hi there, just became alert to your blog through Google, and found that it's really informative.

    ReplyDelete
  3. Do you need to increase your credit score?
    Do you intend to upgrade your school grade?
    Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
    Do you need any information concerning any database.
    Do you need to retrieve deleted files?
    Do you need to clear your criminal records or DMV?
    Do you want to remove any site or link from any blog?
    you should contact this hacker, he is reliable and good at the hack jobs..
    contact : cybergoldenhacker at gmail dot com

    ReplyDelete